
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers

HackRead
#vulnerability #backdoor #sap

Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your system. Find out if your SAP S/4HANA is at risk and what steps to take now to mitigate the threat.

A critical security flaw has been found in several SAP products, including SAP S/4HANA, a system used by a wide range of global companies to manage their finances, supply chains, and other key business functions. This vulnerability, tracked as CVE-2025-42957, is considered highly dangerous because it could allow a malicious actor to take complete control of a company’s SAP system.

Pathlock Research Lab, the research arm of the Colorado-based identity and access security firm Pathlock, has confirmed that the vulnerability is already being actively exploited. Although exploitation requires an authenticated low-privilege user account, the flaw is easy to trigger, and once inside an attacker can bypass authorization checks and inject arbitrary ABAP code into the system.

**The Dangers of the Vulnerability**

The potential damage from this flaw is severe. An attacker who successfully exploits it could gain administrator-level control, allowing them to steal sensitive data, create hidden backdoors, disrupt operations, and even deploy ransomware.

Because SAP S/4HANA sits at the centre of so many critical business processes, a compromise could cause significant financial and operational damage. The vulnerability affects SAP S/4HANA (Private Cloud or On-Premise) with the core Enterprise Management component S4CORE in versions 102, 103, 104, 105, 106, 107, and 108.

**Immediate Action is Required**

The Dutch National Cyber Security Centre (NCSC-NL) issued a security advisory on September 5, 2025, specifically addressing the risks posed by this vulnerability. The advisory, which carries a medium-high priority rating, confirms that the flaw has been fixed in the affected SAP products and that CVE-2025-42957 is being actively exploited in the wild. It serves as a formal confirmation of the threat and a call to action for organisations to protect themselves.

SAP released fixes for the affected products on August 12, 2025, as part of its monthly security patch release; applying them is the only way to fully remediate the flaw. Organisations running SAP S/4HANA, SAP NetWeaver, or other affected products are strongly urged to apply these security updates immediately. Two SAP Security Notes are especially important: Note 3627998 for S/4HANA and Note 3633838 for SAP Landscape Transformation (SLT).

Organisations that have not yet applied the August 2025 security updates face a high risk of attack. Until the patches are in place, monitoring systems for unusual activity and tightening existing security controls can help detect or disrupt exploitation attempts, but these measures are a stopgap, not a substitute for patching.

**Expert Insight**

Shane Barney, Chief Information Security Officer at Keeper Security, shared his expert opinion on the matter, describing the CVE as a “textbook example” of why untrusted input should never be allowed to dictate how code runs. “Once dynamic code execution is in play, attackers can turn small openings into complete system compromise,” Barney said.

He recommended that organisations avoid dynamic code execution altogether or, at a minimum, strictly limit which operations a caller is allowed to request. He also stressed that defenders need a deep understanding of how their applications are designed to operate in order to detect and contain attacks before they spread.
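The advice above, and the earlier observation that a low-privilege user can turn this flaw into full control, both describe one bug class: untrusted input reaching a code-generation sink. The following is an added illustration written for this page, not SAP's code and not the ABAP in S4CORE; it models the pattern in Python so it can be run anywhere. A hypothetical report engine lets a caller pick a computation over a constructed ledger: the vulnerable version builds source text from the request and executes it, the hardened version dispatches only to an allow-list of named operations, and a small detection helper flags request text that is not a plain expression over known fields. All names (LEDGER, run_report_*, is_injection_attempt) are assumptions for the example.

```python
"""Added example: dynamic code execution from untrusted input, vulnerable and
hardened. Generic Python model of the bug class, not SAP or ABAP code."""
from __future__ import annotations

import ast
import operator
from typing import Callable

# Constructed sample data the hypothetical report runs over.
LEDGER: dict[str, float] = {"revenue": 1200.0, "costs": 750.0}


# --- Vulnerable pattern ------------------------------------------------------
def run_report_vulnerable(expr: str) -> float:
    """Splice the caller's text into generated source and execute it.

    Anything that parses as Python runs with the engine's own privileges, so a
    caller who is only supposed to pick a report can run arbitrary code. This
    is the shape of bug the article describes (in ABAP the equivalent sink is
    GENERATE SUBROUTINE POOL / INSERT REPORT fed from user-controlled strings).
    """
    namespace: dict = dict(LEDGER)          # field names visible to the snippet
    exec(f"result = {expr}", namespace)     # untrusted input dictates the code
    return namespace["result"]


# --- Hardened pattern --------------------------------------------------------
# The caller may choose *which* of these runs, never *what* code runs.
_OPERATIONS: dict[str, Callable[[float, float], float]] = {
    "add": operator.add,
    "sub": operator.sub,
}
_FIELDS = frozenset(LEDGER)


class RejectedRequest(ValueError):
    """Raised when a request names an operation or field outside the allow-list."""


def run_report_hardened(op: str, left: str, right: str) -> float:
    """Validate every token against an allow-list, then dispatch.

    No code path lets the request text reach an interpreter.
    """
    if op not in _OPERATIONS:
        raise RejectedRequest(f"operation not permitted: {op!r}")
    for field in (left, right):
        if field not in _FIELDS:
            raise RejectedRequest(f"unknown field: {field!r}")
    return _OPERATIONS[op](LEDGER[left], LEDGER[right])


def hardened_rejects(op: str, left: str, right: str) -> bool:
    """True if the hardened engine refuses the request (convenience for checks)."""
    try:
        run_report_hardened(op, left, right)
    except RejectedRequest:
        return True
    return False


# --- Detection-side helper ---------------------------------------------------
_ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.Add, ast.Sub, ast.Mult, ast.Div,
    ast.Constant, ast.Name, ast.Load,
)


def is_injection_attempt(expr: str) -> bool:
    """Flag request text that is not a single arithmetic expression over known
    field names: any call, attribute access, import, comprehension or unknown
    name is treated as an attempt to smuggle code. Useful for monitoring while
    a vulnerable path still exists; it is not a substitute for removing it."""
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError:
        return True
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED_NODES):
            return True
        if isinstance(node, ast.Name) and node.id not in _FIELDS:
            return True
    return False


if __name__ == "__main__":
    # Legitimate use works in both versions.
    print(run_report_vulnerable("revenue - costs"))     # 450.0
    print(run_report_hardened("sub", "revenue", "costs"))  # 450.0

    # A low-privilege caller turns the vulnerable path into code execution:
    # the import and call succeed, and only the trailing "* 0" keeps the
    # returned "report value" innocuous.
    payload = "__import__('os').getpid() * 0"
    print(run_report_vulnerable(payload), is_injection_attempt(payload))  # 0 True
    print(hardened_rejects("exec", "revenue", "costs"))  # True
```

The hardened engine is less flexible by design: every operation the business needs becomes a named entry in `_OPERATIONS`, and adding one is a code change that goes through review rather than a string a user can type. That loss of flexibility is exactly the point Barney makes; once an interpreter is reachable from request data, input validation is a race you eventually lose, whereas an allow-list of fixed operations has no code-generation step to subvert.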

Related news

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA Flaws

SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP NetWeaver that could result in code execution and the upload of arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious

⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module